Jason Healy wrote:
We've used a few different Squid setups over the years, from a vanilla setup to a transparent interception proxy, to a fully transparent tproxy. We're now using DansGuardian to keep tabs on our users (we don't block; we just monitor). This is good, but unfortunately it doesn't appear to be compatible with tproxy (DG only understands interception or regular proxying). Does anyone know of a way to use DG as an interception proxy, but configure Squid to use the "real" client IP address in its outgoing requests? I have no idea if this is possible since it would be quite a mess of different proxy schemes (DG would be interception-based using routing, Squid would use X-Forwarded-For to get the real IP, and then tproxy to make the request using the client address).
It was not safe to do that when I first added TPROXY. XFF as been improved since so the risk is now much lower but still present. I'll consider it for a future release.
Alternately, does anyone know of a good web monitoring product that works in a "sniffer" mode so I don't need to insert it inline? I basically would like to use tproxy, but also need to log users who are going to naughty sites...
From what I understand of your requirements you don't actually need DG or anything but Squid alone. Squid can log in any format you choose to configure. If there is anything it does not yet log we'd be interested in hearing about that.
Amos -- Please be using Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25 Current Beta Squid 3.1.0.18
